Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Citrix Internet Gateways - Critical Need To Lock These Down


  • Please log in to reply
No replies to this topic

#1 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:07:13 PM

Posted 12 October 2007 - 09:09 AM

Administrators should carefully examine Citrix gateways and implement improved protection. This includes best practices for the Citrix client and server environment, VPN based access only and special handshaking trusts with port 1494 to ensure this environment is properly secured.

Government News - Lock down those Citrix gateways!
http://www.gcn.com/blogs/tech/45220.html

Citrix Opens Security Holes in Military, Federal Web Sites
http://www.eweek.com/article2/0,1895,2193114,00.asp

CITRIX: Owning the Legitimate Backdoor
http://www.gnucitizen.org/blog/citrix-owni...imate-backdoor/

Hacking CITRIX - the forceful way
http://www.gnucitizen.org/blog/hacking-cit...e-forceful-way/

Citrix Security Best Practices
http://www.thin-world.com/nfuse.htm
http://www.sessioncomputing.com/security.htm
http://www.google.com/search?hl=en&q=c...+best+practices

The Internet is full of wide open CITRIX gateways. This is madness!. The other day I was performing some CITRIX testing, so I had a lot of fun with hacking into GUIs, which, as most of you probably know, are trivial to break into. I did play around with .ICA files as well, just to make sure that the client is not affected by some obvious client-side vulnerabilities. This exercise led me to reevaluate great many things about ICA (Independent Computing Architecture). When querying Google and Yahoo for public .ICA files, I was presented with tons of wide open services, some of which were located on .gov and .mil domains.

When available over the Internet, such configuration files offer a wealth of information to malicious hackers about the server operating environments of these gateways. Even more troublesome is how the researcher found that, using his own Citrix client software, he was able to access many of these remotely available applications without log-in access.

eWeek covered this problem and attributed the vulnerability less to Citrix’s software itself and more to sysadmin laxness in not properly managing port 1494, the port Citrix software usually deploys to supply applications to end users. "Citrix is able to be secured, but that's like everything else in computing: the admin needs a brain," one security observer noted on a mailing list.



BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users